Login

Privacy Takes Center Stage Online

Concerns about user privacy online have been expressed for years. Many companies have been known to share information about individuals (sometimes in aggregate) with third parties, with or without the consent of the owners. Google and Facebook made headlines because of how they have been handling the privacy of their users recently.

For Google, it was their recent call for new international standards on the collection and use of consumer data that attracted attention. The search engine giant did this in the person of Peter Fleischer, the company’s global privacy counsel. Fleischer addressed a U.N. audience in Strasbourg, France, with the complaint that the current international privacy laws help neither businesses nor consumers. An international body, he argued, ought to come up with standards that countries around the world could draw from to suit their own needs.

"The ultimate goal should be to create minimum standards of privacy protection that meet the expectations and demands of consumers, businesses and governments," Fleischer said in his speech. If these words sound strange or worrying coming from a Google representative, it’s no wonder. The search engine giant has had a number of run-ins with privacy advocates in the past.

Most recently, its not-quite-completed purchase of DoubleClick has been the biggest cause for concern. DoubleClick is an online advertising broker. Both Google and DoubleClick collect information about which sites users visit, often using cookies for tracking purposes. Many online privacy advocates find the idea of having that much consumer data in the hands of one company to be unsettling, to say the least. The European Union is reportedly concerned enough to be investigating Google’s privacy practices.

Needless to say, some online privacy advocates find Google’s arguing for international privacy standards suspicious. "Google, under investigation for violating global privacy standards, is calling for international privacy standards," observed Marc Rotenberg, executive director of the Electronic Privacy Information Center. "It’s somewhat like someone being caught for speeding saying there should be a public policy to regulate speeding."

Someone caught for speeding who says that they want a policy in place to regulate speeding would be expected to suggest laws that are more lenient than the current standards. Not surprisingly, critics have accused Google of this approach. Fleischer argued for a privacy framework similar to the one developed by the Asia-Pacific Economic Cooperation forum. He claimed that it "balances very carefully information privacy with business needs and commercial interests."

Rotenberg does not believe this is a suitable approach. "The APEC guidelines are far below what Google would be expected to do in Europe or the United States," he pointed out. He thinks the guidelines "don’t address the critical problem of limiting data collection, which is the key point in the dispute over Google’s business practices."

{mospagebreak title=Facebook on the Hot Seat}

Facebook, in the meantime, has also been drawing fire from online privacy advocates. The wildly popular social networking site recently announced a new policy to make limited member profiles available to nonmembers. A new search box at the bottom of Facebook’s home page will let non-Facebook users search for friends, acquaintances, or others who might have a Facebook account.

But the new policy goes beyond a search box on the home page. In early October, Facebook will begin making their user profiles available to search engine spiders. This means that anyone who has their privacy settings adjusted to “Everyone” will start to see parts of their profile showing up in searches on Google, Yahoo, and MSN. Only the name and profile picture of the user will show up in the search.

Why is Facebook doing this? “We wanted to give people who have never come to Facebook, or who are not currently registered, the opportunity to discover their friends who are on Facebook,” the company explained in a statement. It’s quite likely that there’s more than benevolent interest in its members behind this latest move however.

Sonja Thompson, who has been a member of Facebook for a month, hit the nail on the head. In a blog post for IT News Digest, she wrote that “Making user listings available on huge search engines such as Google and Yahoo should drive millions more people to the Facebook site, making it an even more lucrative advertising vehicle.”

The temptation is understandable. Facebook already holds profiles for about 40 million active members. USA Today reported that the social network plans to place more targeted ads on its site. It recently received a huge influx of users after opening its service to everybody about a year ago. The move may hit new members hardest. Many users joined Facebook because it keeps member information private, in the sense that no one from outside the network can see what you post to your profile. If these new members aren’t fully aware of how to control their privacy settings, they could be in for a rude shock. “I’m amazed that they seem to be opting-in literally millions of people who never asked for Facebook to put listings out in the public,” said Danny Sullivan, Search Engine Land editor and Facebook member.

Members who have been with Facebook longer may simply choose to leave the network. USA Today quotes Jaco Joubert, a 22-year-old Facebook user who has been with the site for two years. “Facebook used to be private,” he said, and added that he would likely leave Facebook in favor of business networking site LinkedIn. One wonders how many other long-time Facebook users will join him, and whether the member exodus will be balanced by the arrival of new members who join after finding their friends on the social networking site.

{mospagebreak title=Comparing Privacy Approaches}

Thanks to a recent report from the Center for Democracy and Technology, we now know the privacy practices for the five major search engines (Google, Yahoo, MSN, AOL and Ask) and can compare them side by side. I wrote about this report in mid-August, and you can read more about it here. In some ways, Google has the worst privacy policy of all. The search engine retails the IP address and cookie ID for a query for 18 months, and may only partially delete the data after that time. Contrast that with Yahoo’s policy, under which it retains such information for only 12 months, or Ask’s special AskEraser, a tool that lets users completely delete such data within a few hours.

Facebook’s approach represents a move from an opt-in to an opt-out model, as Danny Sullivan observed. Search engines have already indexed about 25,000 Facebook profiles. That’s less than a fraction of a percent of all the network’s profiles. And the company is actually being pretty cautious about this change; it has notified its users well in advance. This should give Facebook members enough time to change their privacy settings.

David Berkowitz, writing for Media Post Publications, explained how Facebook’s settings work. “First, Facebook members can control who can find their profiles within the site – friends, people in shared networks, or everyone. Only if ‘everyone’ is selected will Facebook provide members with the option of allowing others to see their public search listings. If that option is checked, members can then allow public listings to be indexed by search engines. If you’re on Facebook, this is all available under the Privacy Settings for Search,” he pointed out.

How does this measure up against privacy protections offered by other online social networks? Pretty well, actually. Google’s Orkut lets members control only whether their profile changes are visible to friends and whether friends can see who visits each others’ home pages. MySpace gives users limited control over who views their profile (they can restrict it to members 18 or older, for instance), and can block individual users. Yahoo 360 offers similarly limited controls. LinkedIn is on a par with Facebook, and may stand to benefit if enough people are unhappy with Facebook’s latest change.

It’s worth keeping in mind that this data covers the main services of search engines and online social networks. If you think Google’s Internet search holds information too long, you might want to take a look at Google Street View. At least one closet smoker has been caught – twice – on the service, and apparently felt forced to give up the habit. The service provides users with a close look at city streets in the United States. Unfortunately, it often includes identifiable images of people, sometimes doing potentially embarrassing things (like smoking or walking out of an adult bookstore). People caught on camera can request that the images be removed, but there’s no way to know whether you were captured unless you look.

This was enough to convince Canada’s privacy minister to warn Google that the service may be illegal in that country. Federal Privacy Minister Jennifer Stoddart sent the search engine a letter explaining the law, and that her office “considers images of individuals that are sufficiently clear to allow an individual to be identified to be personal information” that falls under the country’s privacy. This law forbids the commercial use of personal data without permission from the individual, and Stoddart noted in the letter that the images in Google Street View “appear to have been collected largely without the consent and knowledge of the individuals who appear in the images.” Google Street View is not currently available in Canada, and it is not known whether Google was planning to expand the service to that country.

{mospagebreak title=What Privacy Means to You}

It’s not easy to tell whether the trend is moving toward more or less personal information available to businesses. If anything, there seems to be a move toward more awareness of potential problems with so much user information being so readily available. The fact of the matter is, many people are willing to part with personal information for personal convenience without even thinking about what they’re giving up, and it isn’t happening just online. To cite one example, motorists who use toll roads can purchase electronic “passes” that charge a credit card when they drive through the appropriate lane at the toll booth. They don’t have to stop, but their driving habits are tracked.

If you own an online business and you want to reassure your site visitors as to how you will handle their personal information, you should set up a privacy policy and post it prominently on your site. You should detail what type of information you collect, how you will use the information, how a user can access the personal information that pertains to them and the steps they will have to take to get that data removed. You may also want to include information about the systems you have in place to protect the information of your visitors.

If you’re concerned about your personal privacy online, well you should be. According to a story on Parade.com, since January 2005, nearly 160 million personal records have been stolen or inadvertently posted online. To protect yourself, don’t readily give out your personal information; whether it is to a web site or a cashier, don’t give your address, phone number or Social Security number unless you know how it is going to be sued. Use at least a basic firewall in cyberspace, and don’t give any personal information in response to an email.